Why does SpamAssassin give itself ssh access with bin/sh?

I wonder why SpamAssassin grants itself ssh access with bin/sh instead of bin/false. Is it not a security risk to grant a piece of software full ssh access to the server?

chonthicha tutama

bin/sh or bin/bash allows running ssh commands

If SpamAssassin grants itself bin/sh or bin/bash rights then it can run ssh commands on the server without any restrictions. I don't know why SpamAssassin needs this kind of access, but as server administrator I would investigate whether I really need SpamAssassin and, if I change the permission to /bin/false, whether it still does its job correctly. The problem is that if the SpamAssassin software gets hacked then people might get root access to the server. That's not really perfect as you need to trust the SpamAssassin company fully.
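A check an administrator could run for the situation discussed in this thread, added here as an example and not part of the original posts: it lists service accounts in a passwd-format file whose login shell is interactive rather than `/bin/false` or `nologin`. The UID cutoff of 1000, the function names and the sample entries are assumptions made for the example.

```shell
#!/bin/sh
# Added example: list service accounts whose login shell is interactive.
# Assumptions: system accounts have UID < 1000 (distribution dependent);
# the function names and the sample data below are constructed.

# audit_login_shells PASSWD_FILE [UID_MAX]
# Prints "user:uid:shell" for each non-root account with UID below UID_MAX
# whose shell is not a known non-login shell.
audit_login_shells() {
    awk -F: -v max="${2:-1000}" '
        /^[ \t]*(#|$)/     { next }   # skip comments and blank lines
        NF < 7             { next }   # skip malformed entries
        $3 + 0 == 0        { next }   # root is expected to have a shell
        $3 + 0 >= max + 0  { next }   # human accounts are out of scope
        {
            shell = $7
            # An empty shell field means the system default, /bin/sh.
            if (shell == "") shell = "/bin/sh"
            if (shell ~ /\/(false|nologin|true)$/) next
            if (shell == "/dev/null") next
            print $1 ":" $3 ":" shell
        }' "$1"
}

# Constructed sample in passwd(5) format, so the check runs anywhere.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
spamassassin:x:112:118::/var/lib/spamassassin:/bin/sh
postfix:x:113:119::/var/spool/postfix:/bin/false
legacy:x:114:120::/var/lib/legacy:
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
}

# Usage on a real host: audit_login_shells /etc/passwd
```

A flagged account is a candidate for review, not proof that it can log in, since that also depends on whether the account has a usable password or key.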

